CVE-2022-2310
Skyhigh SWG Authentication bypass vulnerability
Public Exploits: 0
Exploited in Wild: -
Descriptions
An authentication bypass vulnerability in Skyhigh SWG in main releases 10.x prior to 10.2.12, 9.x prior to 9.2.23, 8.x prior to 8.2.28, and controlled release 11.x prior to 11.2.1 allows a remote attacker to bypass authentication into the administration User Interface. This is possible because of SWG incorrectly whitelisting authentication bypass methods and using a weak crypto password. This can lead to the attacker logging into the SWG admin interface, without valid credentials, as the super user with complete control over the SWG.
SSVC
- Decision:-
Timeline
- 2022-07-05 CVE Reserved
- 2022-07-27 CVE Published
- 2024-08-03 CVE Updated
- 2024-10-18 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-290: Authentication Bypass by Spoofing
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status |
---|---|---|---|---|
Skyhighsecurity | Secure Web Gateway | >= 8.0.0 < 8.2.28 | - | Affected |
Skyhighsecurity | Secure Web Gateway | >= 9.0.0 < 9.2.23 | - | Affected |
Skyhighsecurity | Secure Web Gateway | >= 10.0.0 < 10.2.12 | - | Affected |
Skyhighsecurity | Secure Web Gateway | >= 11.0.0 < 11.2.1 | - | Affected |